Nearly all customers of the telecommunications company AT&T were affected by a cyberattack that exposed phone records of calls and texts from May 2022 through October 2022, and on Jan. 2, 2023, the company said Friday.
Although the company said the breach did not expose the contents of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the information that was exposed can still threaten customers’ security.
If you are an AT&T customer, here is what you need to know about the breach.
How do I know if my records were exposed?
AT&T will contact you by text, email or U.S. mail if your account was affected by the cyberattack, the company said.
But AT&T also said that “nearly all” customers had been affected by the breach. So if you were a customer from May 1, 2022, to Oct. 31, 2022, or on Jan. 2, 2023, your phone logs were most likely exposed.
What was exposed?
The phone numbers that you texted and called, as well as how frequently you interacted with them, were exposed by the breach, the company said.
Customers’ personal details, such as Social Security numbers and dates of birth, were not exposed. Nor were the contents of the calls and texts. Although customers’ names were not exposed by the breach, “there are often ways to find a name associated with a phone number using publicly available online tools,” AT&T said.
For some records, the users’ locations — in the form of cell site ID numbers — were exposed, the company said.
What should I be worried about?
This may not seem as worrisome as a breach that exposes financial information or highly sensitive information like Social Security numbers. But Anton Dahbura, the executive director of the Information Security Institute at Johns Hopkins University, said it was still highly worrisome.
“It really is a big deal,” he said. “Knowing more about people — who they talk to, where they go, where they socialize — is a treasure trove for people who ultimately would want to do harm.”
Location information can expose highly intimate details about your life, like trips to doctors’ offices and outings with romantic partners, as The New York Times has previously reported.
In addition to the personal privacy concerns, someone’s having access to your physical location and contact habits puts you and the people with whom you have contact in physical danger. It can also allow someone to create a highly intelligent cyberattack through phishing or hacking, Mr. Dahbura said.
“The people that do these things are so clever,” he said. “This would be one step in a process of being able to gain access to sensitive systems, important organizations and ultimately do harm.”
How can I protect myself?
“We always have to be vigilant,” Mr. Dahbura said.
Although the breach at AT&T was recent, Mr. Dahbura said that did not mean you should expect an attack in the near future. Those with ill intentions are patient and are known to wait months or years before using information to set up an attack.
Make sure your passwords are strong and be vigilant about opening suspicious links or following directions from someone over the phone.
Should I stop using AT&T?
“I think that’s irrelevant,” Mr. Dahbura said. “But every organization, literally, is subject to these breaches and these attacks. It’s really a level playing field.”
The post Are You an AT&T Customer? Here’s What to Know About the Data Breach. appeared first on New York Times.